If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Need a corporate Keylogger!!!

Okay my friends company wants to monitor all the things EVERYONE does and people are not just on the lan there are a lot of onsite people. Does anyone know of a keylogger that can send the data securely via anything secure such as ssl, https, or sftp? Oh yeah they want a solution for monday lol...

Ive been talking to him and they want A LOT of stuff. Not only do they insist on a keylogger that can take screen shots and all the extra stuff but they do want it to send securely back to their server no matter where they are...

IMO keyloggers are never a good idea. Better talk them out of it. As nihil says use the network. Setup proxy servers, IDS and a good firewall policy. Turn up auditing on windows clients. If done properly you can pretty much see everything without the need for something as "invasive" as a keylogger.

Don't loose sight of the privacy laws too. Some of this may even be against the law.

Oliver's Law:
Experience is something you don't get until just after you need it.

The reason that doesnt work nihil is because they have some laptops that never or rarely end up on their lan.

and ya...they insist on what they insist on I cant really convince them otherwise. I told them also if they setup a proxy to monitor all web traffic it would be more then enough. If there is suspcious activity then you can confront them but I personally think they are going to far.

Unless anyone knows of such an application I will assume one does not exist. Thanks for the input guys!!!

If the company I worked for did something like this... I'd turn in my resignation and leak it to the local newspaper so all my coworkers would know. I'm sure a lot of them would also not want to work for a company that has such practices.

Just to be clear, I'm talking about me as an end user. I can understand monitoring web usage for policy violations or to increase productivity. I can understand journaling emails. However, to intercept every keystroke of every employee seems absurd to me on so many levels. If there was an employee who they could not trust, then fire them. Or, gather enough evidence that they can't be trusted via keyloggers, etc. then fire them or prosecute them if they're breaking the law. It just seems like a HUGE ABUSE of "power".

I wonder if this policy would apply to even top level execs or if the board of directors/shareholders would support it if they knew about it.

Last edited by phishphreek; June 21st, 2007 at 01:12 PM.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

The reason that doesnt work nihil is because they have some laptops that never or rarely end up on their lan.

In which case they cannot be mission critical and can safely be ignored. If they were in any way significant they would have to connect to the corporate mail server for e-mails and for a regular health check to ensure that the OS, applications and anti-malware were up to date and functioning, unless..............

Hmmmm, I wonder about the significance of these "stand alone" laptops?

Your normal security model would suggest that you protect your LAN and the clients that attach to it. This secures your business against attack rather than just indicating where staff are doing improper things.

A valid solution does not have to be 100% so long as it covers the core business?

A keylogger is an overhead and generally a waste of resources if deployed as suggested. You waste far too much on monitoring people doing their normal jobs, which is of no interest whatsoever.